v4.18.0

@patel-bhavin patel-bhavin released this 20 Dec 18:44
· 1320 commits to develop since this release
87cb8c9

ESCU 4.18.0 Release branch

New Analytic Story
  • Rhysida Ransomware
  • Kubernetes Security
Updated Analytic Story
  • NjRAT
  • RedLine Stealer
  • Amadey
New Analytics
  • PingID Mismatch Auth Source and Verification Response (External Contributor: @nterl0k)
  • PingID Multiple Failed MFA Requests For User (External Contributor: @nterl0k)
  • PingID New MFA Method After Credential Reset (External Contributor: @nterl0k)
  • PingID New MFA Method Registered For User (External Contributor: @nterl0k)
  • Kubernetes Abuse of Secret by Unusual Location
  • Kubernetes Abuse of Secret by Unusual User Agent
  • Windows Modify System Firewall with Notable Process Path
  • Kubernetes Abuse of Secret by Unusual User Group
  • Kubernetes Abuse of Secret by Unusual User Name
  • Kubernetes Access Scanning
  • Kubernetes Suspicious Image Pulling
  • Kubernetes Unauthorized Access
Updated Analytics
  • Allow File And Printing Sharing In Firewall
  • Azure AD PIM Role Assigned
  • CMD Carry Out String Command Parameter
  • Detect Use of cmd exe to Launch Script Interpreters
  • Modification Of Wallpaper
Other Updates
  • Added two new lookup files, ransomware_extensions_20231219.csv and ransomware_notes_20231219.csv, and updated the existing transforms definitions of ransomware_extensions_lookup and ransomware_notes_lookup to use the latest csv files.